protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionAuthorizationRequirement requirement)
{
if (context.User != null)
{
if (context.User.IsInRole("admin"))
{
context.Succeed(requirement);
}
else
{
var userIdClaim = context.User.FindFirst(_ => _.Type == ClaimTypes.NameIdentifier);
if (userIdClaim != null)
{
if (_userStore.CheckPermission(int.Parse(userIdClaim.Value), requirement.Name))
{
context.Succeed(requirement);
}
}
}
}
return(Task.CompletedTask);
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionAuthorizationRequirement requirement)
{
var httpContext = _httpContextAccessor.HttpContext;
//获取授权方式
var defaultAuthenticate = await Schemes.GetDefaultAuthenticateSchemeAsync();
if (defaultAuthenticate != null)
{
//验证签发的用户信息
var result = await httpContext.AuthenticateAsync(defaultAuthenticate.Name);
if (result.Succeeded)
{
//判断是否为已停用的token
if (!await _jwtApp.IsCurrentActiveTokenAsync())
{
context.Fail();
return;
}
httpContext.User = result.Principal;
//判断是否过期
if (DateTime.Parse(httpContext.User.Claims.SingleOrDefault(s => s.Type == ClaimTypes.Expiration).Value) < DateTime.UtcNow)
{
context.Fail();
return;
}
}
else
{
context.Fail();
return;
}
}
else
{
context.Fail();
return;
}
var role = context.User.FindFirst(p => p.Type == ClaimTypes.Role);
if (role != null)
{
if (context.User.IsInRole("admin"))
{
context.Succeed(requirement);
return;
}
else
{
var userIdClaim = context.User.FindFirst(p => p.Type == ClaimTypes.NameIdentifier);
if (userIdClaim != null)
{
if (_userStore.CheckPermission(int.Parse(userIdClaim.Value), requirement.Name))
{
context.Succeed(requirement);
return;
}
}
}
}
context.Fail();
}
